Abstract
Software entropy is traditionally used for packer detection. Here, software entropy is represented as a non-stationary time series. Features are extracted using wavelets, change point models, and detrended fluctuation analysis. These features improve large-scale discrimination between malicious and clean files.
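The entropy time series and one wavelet feature set described above, as an added example that is not the authors' code. The 256-byte chunk size, the Haar wavelet, and the synthetic sample bytes are assumptions made here; change point models and detrended fluctuation analysis are not shown.

```python
import math
import random
from collections import Counter

def entropy_series(data, chunk=256):
    """Shannon entropy (bits/byte) of each consecutive non-overlapping chunk.
    The 256-byte chunk size is an assumption of this example."""
    series = []
    for off in range(0, len(data) - chunk + 1, chunk):
        counts = Counter(data[off:off + chunk])
        series.append(-sum(c / chunk * math.log2(c / chunk)
                           for c in counts.values()))
    return series

def haar_energy(series):
    """Energy of the Haar detail coefficients at each scale, finest first.
    The series is truncated to a power-of-two length for simplicity."""
    n = 1 << (len(series).bit_length() - 1) if series else 0
    approx = list(series[:n])
    energies = []
    while len(approx) > 1:
        pairs = list(zip(approx[0::2], approx[1::2]))
        detail = [(a - b) / math.sqrt(2) for a, b in pairs]
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
        energies.append(sum(d * d for d in detail))
    return energies

def make_samples():
    """Constructed inputs: low-entropy text, and the same text followed by
    uniformly random bytes standing in for a compressed or encrypted region."""
    rng = random.Random(0)
    plain = bytes(rng.choice(b"mov eax, ebx; ret\n") for _ in range(8192))
    mixed = plain[:4096] + bytes(rng.randrange(256) for _ in range(4096))
    return plain, mixed

if __name__ == "__main__":
    for name, blob in zip(("plain", "mixed"), make_samples()):
        series = entropy_series(blob)
        energies = haar_energy(series)
        print(name, "mean entropy %.2f" % (sum(series) / len(series)),
              "energy by scale", [round(e, 2) for e in energies])
```

A single sharp entropy shift concentrates energy at the coarsest scale, while a file with uniform content leaves every scale near zero; the per-scale energies form a fixed-length feature vector for a classifier.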